vlc -- arbitrary code execution in the RealMedia processor

Details

VuXML ID

acf80afa-c3ef-11dd-a721-0030843d3802

Discovery

2008-11-30

Entry

2008-12-06

Modified

2008-12-07

Tobias Klein from TrapKit reports:

The VLC media player contains an integer overflow vulnerability
while parsing malformed RealMedia (.rm) files. The vulnerability
leads to a heap overflow that can be exploited by a (remote)
attacker to execute arbitrary code in the context of VLC media
player.